README.rdoc

CanCan

CanCan is an authorization library for Ruby on Rails which restricts what
resources a given user is allowed to access. All permissions are defined in
a single location (the Ability class) and not duplicated across
controllers, views, and database queries.

Installation

In Rails 3, add this to your Gemfile and run the bundle command.

  gem "cancan"

In Rails 2, add this to your environment.rb file.

  config.gem "cancan"

Alternatively, you can install it as a plugin.

  rails plugin install git://github.com/ryanb/cancan.git

Getting Started

CanCan expects a current_user method to exist in the controller. First, set up
some authentication (such as Authlogic or Devise). See Changing Defaults if you
need different behavior.

1. Define Abilities

User permissions are defined in an Ability class. CanCan 1.5
includes a Rails 3 generator for creating this class.

Authorizing each action by hand can be tedious, therefore the
load_and_authorize_resource method is provided to automatically authorize all
actions in a RESTful style resource controller. It will use a before filter to
load the resource into an instance variable and authorize it for every action.

  class ArticlesController < ApplicationController
    load_and_authorize_resource

    def show
      # @article is already loaded and authorized
    end
  end

This will raise an exception if authorization is not performed in an action. If
you want to skip this, add skip_authorization_check to a controller subclass.
See Ensure Authorization for more information.
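The following is an added example, not code from the CanCan project: a minimal stand-in for the Ability class described under "Define Abilities". It mirrors the rule semantics CanCan uses (rules declared in one place, hash conditions matched against the record's attributes, the last matching rule deciding, so a later cannot narrows an earlier can) without requiring the gem or Rails. The User and Article structs and the specific rules are assumptions for the demonstration.

```ruby
# Added example: a minimal stand-in for CanCan's Ability DSL, not the gem itself.
# Stand-in models (assumed for the example) with only the attributes the rules need.
Article = Struct.new(:user_id, :published)
User    = Struct.new(:id, :admin)

class Ability
  Rule = Struct.new(:allow, :actions, :subject, :conditions)

  # All permissions live here, so controllers and views never duplicate them.
  def initialize(user)
    @rules = []
    user ||= User.new(nil, false)               # guest: no id, not an admin
    can :read, Article, published: true         # anyone may read published articles
    can :manage, Article, user_id: user.id if user.id  # authors manage their own
    can :manage, :all if user.admin             # admins may do anything...
    cannot :destroy, Article, published: true   # ...except delete a published article
  end

  def can(action, subject, conditions = {})
    @rules << Rule.new(true, Array(action), subject, conditions)
  end

  def cannot(action, subject, conditions = {})
    @rules << Rule.new(false, Array(action), subject, conditions)
  end

  # Last matching rule wins, as in CanCan, so a later cannot overrides an earlier can.
  # With no matching rule at all the default is deny.
  def can?(action, subject)
    matching = @rules.select { |r| matches?(r, action, subject) }
    matching.empty? ? false : matching.last.allow
  end

  private

  def matches?(rule, action, subject)
    klass      = subject.is_a?(Class) ? subject : subject.class
    action_ok  = rule.actions.include?(:manage) || rule.actions.include?(action)
    subject_ok = rule.subject == :all || rule.subject == klass
    # Class-level checks (can? :read, Article) ask "could this be allowed at all":
    # a conditional can counts as a match, a conditional cannot does not.
    cond_ok = if subject.is_a?(Class)
                rule.allow || rule.conditions.empty?
              else
                rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
              end
    action_ok && subject_ok && cond_ok
  end
end
```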